Europ Assistance watches out for more than 300 million people around the world. With 8,000 staff and 33 local companies taking action in the field, the Group has developed an international, on-the-spot system to enact its innovative, everyday vision of its Care Services, supported by a close-knit network of 425,000 partners. The development of Care Services is an opportunity to reassert the meaning we give to our business lines: a strong sense of being there; acting effectively when needed for our customers in everyday life and exceptional circumstances alike.
The Europ Assistance path to innovation and greater security
“Our challenge is to be innovative and forward-looking and to accompany the business towards the sort of transformation we need in order to move beyond a prevalently B2B model, providing insurance and assistance on an outsourcing basis, such as for banks and car manufacturers, and to be able to reach the consumer directly with a full offering of integrated products and services,” says Marco Borsellino, CTO, Europ Assistance.
In order to support this change and meet the very specific needs of the assistance segment, one of the priorities that the company’s management and the entire IT department had to face was that of enhancing the security of its IT infrastructures, given that they include systems designed to meet those specific needs (such as CRM for assistance management) and taking account of the fact that the highest priority is to be able to provide assistance 24x7 all year round.
Turning to Palo Alto Networks for insurance
Europ Assistance began from a situation in which they had all of the security components necessary, but they were divided up among the individual components from different vendors and for different releases that interacted with each other. The hardware included a traditional perimeter firewall at the network level, i.e. on the IP port, a cluster of proxies based on open-source systems that handled caching and URL filtering (outward connectivity), and a VPN concentrator that was used in certain cases in order to interface with business partners, as well as to provide mobile access to providers and corporate users. For access to the Web services, there was a reverse proxy and an intrusion prevention system (IPS) in order to identify potential network vulnerabilities and to actively block traffic when needed.
“Having grown in layers over the years, the security infrastructure had reached a level of fragmentation that made system management highly complicated. The firewall policies, in particular, had become difficult to manage, and many of them were no longer relevant to the context in which we were operating,” says Borsellino. “The great many VPN accesses, both by providers and in-house users, had become highly complex and required greater control over inbound accesses. For this reason, we began looking for a solution that could consolidate all of this infrastructure to ensure greater reliability, business continuity and disaster recovery.”
With Aditinet Consulting as a technology partner, the type of traffic seen on the Europ Assistance network and the potential vulnerabilities were assessed. The time for change had come, and an RFP was issued specifying the needs and current conditions in order to compare the various solutions available.
At the end of this process, which concerned both the technological aspect and costs and planning, Europ Assistance selected Palo Alto Networks because it would enable the company to consolidate the entire security platform into a single system without having any downtime during the transition, which was essential for the type of services provided by Europ Assistance, given that both the users and the operators must be online at all times and able to access the external resources.
Later, the adoption of the new Palo Alto Networks infrastructure, made up of two PA-2050s for high availability and a PA-500 with dynamic routing in Rende, also solved another critical issue: the use of anonymous proxies to bypass security policies.
With Palo Alto Networks comes PCI-DSS certification
In 2012, Europ Assistance obtained PCI-DSS certification for the handling of credit card numbers, and the company then decided to dedicate an isolated area of its network that would be specifically and thoroughly protected and certified based on the 246 protection requirements. This partition of the network, which was to be used, in part, by the PCI area, was one of the reasons behind the selection of Palo Alto Networks because, particularly during implementation, it enabled the company to manage this aspect autonomously without the need for assistance by specialist firms, leaving these firms free to support Europ Assistance during the certification stage.
Simplified management with Palo Alto Networks
“With the adoption of the new platform, configuration management became much easier. We’ve noticed how quickly and easily our system administrators can respond to requests coming from either the IT division or our in-house users, and without putting current configurations and infrastructures at risk,” Borsellino explains. “Before, the diversity of the various components called for specific knowledge of each and every system. Now, a single console, that can be accessed via Web, has enhanced visibility and facilitated policy management.”
Furthermore, in terms of reporting, the IT staff is now able to work with a single, high-level report that provides a full overview of all that happens. Now, a VPN can be created on the fly in just a few minutes; new policies can be implemented quickly, and, above all, much more timely and accurate reporting data can be provided.
The Europ Assistance Case Study in Italian.